A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.
History

Wed, 06 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-04-06T18:12:26.733091Z

Updated: 2024-11-06T16:28:57.600Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20774

cve-icon Vulnrichment

Updated: 2024-08-03T02:24:49.555Z

cve-icon NVD

Status : Modified

Published: 2022-04-06T19:15:08.377

Modified: 2024-11-21T06:43:31.800

Link: CVE-2022-20774

cve-icon Redhat

No data.